Identify and access critical processes

Objective of the exercise

The objective of the exercise is to identify the IT-related processes whose existence may be critical for achieving the business objectives, and assessing their current level of maturity (or development) and completeness. The purpose of this activity is to gain additional insight into the possible areas of intervention for developing or improving the information system(s).

While the previous exercise was devoted to formulating the IT-related objectives, attainable by means of information technology, which would support the business objectives. This activity aims at assessing what IT-related processes might be necessary to put in place (or improve if they already exist) to facilitate reaching these objectives. 

Introduction

Assessing the maturity level of IT processes from a business perspective is crucial for several reasons:

1. Alignment with business goals: A maturity assessment ensures that IT processes are aligned with the business's strategic goals. Mature IT processes are better equipped to support and drive business objectives, leading to improved overall performance and competitive advantage.
2. Optimization of resources: Mature IT processes often result in more efficient use of resources. This includes optimizing staff time, reducing wastage and making better use of technological investments, all of which can lead to cost savings and improved productivity.
3. Risk management: A higher maturity level in IT processes generally equates to better risk management. Mature processes have well-defined procedures for handling risks and contingencies, thus reducing the likelihood of disruptions to business operations.
4. Quality of service: Mature IT processes improve the quality of IT services and products. This results in higher customer satisfaction, increased reliability, and better service delivery, which are all critical for maintaining a positive business reputation.
5. Innovation and adaptability: Businesses with mature IT processes are often more agile and innovative. They can adapt more quickly to changing market demands, new technologies, or disruptions, which is vital in today's fast-paced business environment.
6. Regulatory compliance: Many industries and administrative environments have stringent regulatory requirements regarding data security, privacy and operational standards. Mature IT processes help ensure compliance with these regulations, reducing the risk of legal issues and penalties.
7. Decision-making and planning: Mature IT processes provide better metrics and data for decision-making. This supports more accurate and strategic business planning budgeting, and forecasting.
8. Employee satisfaction and productivity: Well-defined and efficient IT processes can lead to higher employee satisfaction, as employees have clear guidelines and tools to perform their tasks. This often translates into higher productivity and lower staff turnover.
9. Market competitiveness: Businesses with mature IT processes are often more competitive in the marketplace. They are able to leverage technology effectively, respond quickly to market changes and offer better products and services.
10. Scalability and growth: Mature IT processes are scalable, making it easier for organizations to grow and expand. Scalable processes accommodate increased workloads and organizational changes without a significant drop in performance or service quality.

In summary, assessing and improving the maturity level of IT processes is vital for ensuring that the IT function effectively supports and enhances business objectives, maintains competitiveness and adapts to the ever-evolving business and technological landscape.

What are the steps of identifying and assessing available and required critical IT processes?

The steps in identifying and assessing available and required critical IT processes are:

1. Determination of critical IT processes;
2. Assessment of current maturity level;
3. Performance of gap analysis.

Step 1. Determine critical IT processes

Identifying critical processes starts with determining which IT processes are critical for achieving the defined business objectives. This could include processes like software development, data management, IT security and network infrastructure management. This should be done in collaboration with stakeholders across the organization, including business unit leaders, end users and IT staff. Their insights will be valuable in determining which IT processes are essential for daily operations and strategic initiatives.

Then map the determined critical IT processes to business functions (activities). Analyse how various IT processes support specific business functions. This mapping helps in determining which IT processes are critical for the functioning of key business areas such as sales, operations, finance and customer service.

Evaluate the impact of each IT process on the business. Consider what would happen if a process failed or were interrupted. Processes that have a high impact on business continuity or those on which multiple other processes depend are typically critical.

Determine IT processes that are essential for managing risks and meeting compliance requirements. Processes that safeguard data security, privacy and regulatory compliance are often critical. Analyse historical data regarding IT incidents, downtime and performance bottlenecks. Processes that have previously caused significant disruptions or frequent bottlenecks in performance are likely critical.

Prioritize processes based on the value they deliver to the business and their efficiency. Critical processes are often those that add significant value or require optimization to improve overall business performance.

This determination of critical IT processes is the first step in ensuring that these processes are managed effectively, optimized and aligned with the overall business objectives.

Practical note: This step could be organized as separate discussion groups taking notes of their proposals of identified critical processes on post-it cards, together with justifications, and placing them on a large sheet of paper, one under another, together with the corresponding business objectives.

Step 2. Assess current maturity level

Various maturity models, such as the Capability Maturity Model Integration (CMMI) or the IT Infrastructure Library (ITIL), are widely used to assess the current maturity level of IT processes (CMMI Product Team and others 2006; Gërvalla et al. 2018). This assessment highlights areas of strength, identifies gaps, and helps in formulating a structured approach to elevate the maturity of IT services, ultimately ensuring they deliver maximum value to the business.

In this exercise, the ITIL (Information Technology Structure Library) framework is used. ITIL categorizes IT service management into several processes and functions, such as Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. Each area consists of specific processes (since ITIL v4 the term 'practices’ is also used which conveys a broader meaning as they can group several processes). An ITIL maturity assessment involves evaluating how well an organization has implemented these practices.

ITIL does not prescribe a specific maturity model but is often assessed using a simple scoring scale. This scale typically ranges from Level 1 (ad hoc activities) to Level 5 (highly organized and self-optimizing processes). The assessment involves determining how well an organization’s IT processes and practices align with ITIL recommendations at each maturity level.

The capability levels of every process can be described as follows:

• Level 1: The process is not well organized; it is performed as initial/intuitive. It may occasionally or partially achieve its purpose through an incomplete set of activities. 
• Level 2: The process systematically achieves its purpose through a basic set of activities supported by specialized resources. 
• Level 3: The process is well defined and achieves its purpose in an organized way, using dedicated resources and relying on inputs from other processes that are integrated into a service management system. 
• Level 4: The process achieves its purpose in a highly organized way, and its performance is continually measured and assessed in the context of the service management system. 
• Level 5: The process is continually improving organizational capabilities associated with its purpose. Each capability level is based on the previous ones; they need to be achieved before the current level can be assessed.

The assessment process begins with collecting data on the organization's IT-related processes and practices. This includes reviewing process documentation, conducting interviews with IT staff and stakeholders, and analysing service performance data. The goal is to gain a comprehensive understanding of how IT services are managed and delivered. The full description of a comprehensive review process for an organization is beyond the scope of this manual. The reader is referred to the official ITIL Process documentation or one of many books on the subject.

The collected data is then compared against ITIL best practices. This analysis helps identify areas where the organization’s processes do not fully align with ITIL recommendations. It is important to consider both the efficiency and effectiveness of processes in delivering value to the business

For each ITIL process or function, the organization’s current practice (i.e. the way the process is organized and executed) is rated on the maturity scale. This involves assessing aspects like process standardization, documentation, integration with other processes, performance measurement, and continuous improvement mechanisms.

Practical note: This step can be done as separate discussion groups taking notes of their evaluation of the maturity level of identified critical processes on post-it cards, together with justification of the assessment. After a group session, each group leader places the post-it cards next to the processes identified in the previous step. Then, an arithmetic average is calculated for each process. Identified areas for improvement can be noted on the side, they will help later identify strategic actions.

Step 3. Perform gap analysis

Compare the current maturity levels of the IT processes with their desired levels required to achieve the business objectives, then identify gaps and areas that need improvement.